SOUTHFIELD, Mich. (WXYZ) — Ascension Hospital is still in the throes of a massive nationwide cyber-attack, a day after it was detected.
Some patients, we’re told, have been diverted, while Ascension reverts to pad and paper to handle patient records.
Ask Dr. Nandi: How cyberattacks can impact patient care
We talked with a cyber expert, an ER Doctor at Ascension, and a spokesperson to get a better understanding for you of what is happening right now and what's still to come.
A cyber-attack of unknown origin continues to disrupt clinical operations at Ascension healthcare network which serves 19 states with 140 hospitals, fourteen in Michigan, including 6 here in Metro Detroit.
'Migraine': How Ascension health cyberattack caused headache for doctors
In a Thursday statement, the health system says it is investigating, responded immediately, and has activated remediation efforts.
An ER doctor in the southeast Michigan system told us today they’ve been told to expect systems to be down for the next two weeks, They’ve had to override medication dispensing machines for patients.
Some patients told us on Facebook that Ascension’s staff is minimizing the impact. One tells us they’ve been to the ER twice in the last 12 hours and despite the computer issues, everyone is very helpful and caring.
“You can pretty much assume that Ascension is in scramble mode,” said Scott Bailey.
Scott Bailey with N1 Discovery is a Metro Detroit-based data security expert with extensive experience.
“We've done one of the largest healthcare data breaches in Michigan. We did one of the largest breaches of a public utility here in Michigan. So those were all also very significant on the forensic side. I was brought in on the Oklahoma City bombing. I did work on the Kwame Kilpatrick case. I’m a digital E-discovery digital consultant to the Attorney General’s office for the Flint Water Crisis,” explained Bailey.
“Is it possible that the breach is active right now still?” I asked.
“It certainly could be. When you think about Ascension, it is a massive organization in multiple states. Some threat actors, when they actually get into a system, they will be putting or trying to put backdoors into that system,” said Bailey.
“What does this mean for the system? What’s happening for the patients and for the caregivers at Ascension?” I asked.
“Either they’re down because of the cyber-attack directly, meaning possibly a ransomware attack that's encrypted the systems,” said Bailey. “Or they were deliberately turned down to prevent further damage. They’re having to now go back to what a lot of people today would call the Stone Age. You know 1980 when everything was done by pencil and paper.”
It's certainly not the first cyber-attack aimed at a healthcare system.
Change Healthcare paid $22 million for a February ransomware attack.
Bailey believes a payout is the likely motivation for the attack on Ascension too.
“Cyber Security is all or nothing, right? Either you have everything protected, or you’re vulnerable. Period,” said Bailey.
